SurfControl Web Filter Installation Guide

www.surfcontrol.com
The World’s #1 Web & E-mail Filtering Company
Notices
Updates to the SurfControl documentation and software as well as Support
information are available at www.SurfControl.com/support.
Copyright ©1998-2003 SurfControl plc. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without the prior permission of the
copyright owner.
SurfControl is a registered trademark and SurfControl and the SurfControl logo
are trademarks of SurfControl plc. All other trademarks are property of their
respective owners.
Version 4.5 printed October 2003.
Contents
Notices
Installation Requirements
  System Requirements
  Where to install SurfControl Web Filter
    Single-segment Network
    Multi-segment Network
    Microsoft ISA Server
    Auto detecting your network configuration
  Database Requirements
    SQL Server Database
    MSDE Database
  Network Cards
    Identifying your NICs
Installation
  Flow chart
  Installation Description
  Upgrading
    Access to SQL Server Database Upgrade
    Upgrading Archived Databases
    Upgrading SQL Archived Databases
Post Installation Configuration
  Database creation
    Creating a SQL Server Database
    Creating a MSDE Database
  The Virtual Control Agent
    Installation
    Post Installation Activation
    Configuring the VCA
    Upgrading the VCA
  Enterprise User Monitoring
    EUM on Windows NT domain controllers
    EUM on Windows 2000/2003 domain controllers
    Installation Instructions
    User Logoff Recommendations
    To install Enterprise User Monitoring
  EUM for Netware
    Installing the Netware Loadable Module
  Performance Tuning
    System Workload Issues
    Monitoring Options
    Other Performance Options
    Performance Factors
    Catch-Up Mode
    Distributing Services and Multiple Collectors
  Troubleshooting
    Proxy Server running on a non-standard port
    To configure non-standard ports
    If no data is being collected
  Troubleshooting EUM Issues
1 Installation Requirements
1.1 System Requirements
You should check that the machines you will be using meet the minimum
system requirements outlined in the table below.
Operating System: Microsoft Windows 2000 Server with Service Pack 1
OR Microsoft Windows 2000 Advanced Server with Service Pack 1
Processor: Pentium III or above
Memory: 512 MB minimum
Disk space: 1 GB disk space
Network: Promiscuous mode Ethernet Card
If you wish to use Netware User Name Support: Novell NetWare 5.x and IP.
Note: the Web Filter machine should have Novell Client for Windows 2000 installed
Web Reporting: Microsoft Internet Explorer 5.0 or higher
OR Netscape Communicator 4.75 or higher
If you need to monitor a high volume of network traffic, you may require a more
powerful PC. Monitoring Internet access over a large, busy enterprise can
cause your database to grow very quickly, so you should ensure that the
machine you will be using has adequate disk space. For further information see
the support pages on the SurfControl website: www.surfcontrol.com/support
1.2 Where to install SurfControl Web Filter
SurfControl Web Filter has a modular design which allows maximum flexibility
in a network configuration scheme. Where you install the application will
depend on the configuration of your network and the locations from which you
wish to administer Web Filter. SurfControl recommends that you study the
scenarios in this chapter to determine which installation type is most suitable
for your company and network.
SurfControl Web Filter uses a sniffer engine to monitor and/or control Internet
access activity. The location of this service on your network is critical as Web
Filter can only monitor and block what it can see. Routers, switches and
gateways may prevent the Web Filter Engine from seeing certain parts of your
network, so it is vital that you know if any of these devices are installed and
where they are configured before installing SurfControl Web Filter.
You can install SurfControl Web Filter in any of these environments:
Single-segment network
Multi-segment network
Microsoft ISA Server
Proxy Server
For Single or Multi segment networks, SurfControl Web Filter must not be
installed on any system that runs other server based products, such as Web
Server, Mail Server or similar.
For Microsoft ISA and Proxy Server installations, SurfControl Web Filter must
be installed on the same machine as that running these servers.
For Microsoft Proxy Server, SurfControl Web Filter should be loaded onto a
dedicated system and should be positioned on the 'inside' segment of any
Proxy Server.
1.2.1 Single-segment Network
The figure below shows SurfControl Web Filter installed on what is known as a
single segment network. All of the machines on the network are connected to a
simple hub. In this scenario, you may install SurfControl Web Filter on any
suitable machine and you will be able to monitor and control Internet access
across the network.
1.2.2 Multi-segment Network
Use this configuration for switched hubs or networks using router segments. To
ensure monitoring of all traffic on a segmented network, you will need to install
more than one copy of SurfControl Web Filter. If SurfControl Web Filter is
installed on a machine in Segment 2, it will not be able to see any traffic in
Segments 1 or 3. Clearly, if you wish to monitor only one segment, this will not
present a problem. If, however, you wish to monitor activity on all of the
segments you will need to install SurfControl Web Filter in a different location.
In the figure below, SurfControl Web Filter has been moved to Segment 1. In
this location, it will be able to see all of the traffic to and from the Internet
because all Internet traffic will pass through the segment where SurfControl
Web Filter is installed.
Although this installation will monitor Internet traffic for the whole network,
some local traffic will not be seen. If, for instance, you have an Intranet Server
installed on a machine in Segment 2 being accessed by a machine in Segment
3, SurfControl Web Filter will not see the communication. Again, this may or
may not be important, depending on your Internet Access Policy.
To ensure monitoring of all of the traffic of a segmented network you will need
to install more than one copy of SurfControl Web Filter. In the figure below, two
copies have been installed, one in Segment 2 and one in Segment 3. Segment
1 has been left unmonitored because it just has the File/Print/Proxy Server
installed.
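The placement reasoning above can be checked with a small visibility model. This is an added example, not part of the SurfControl guide or product; it assumes three segments joined by one router, the Internet link in Segment 1, and that a sniffer sees every frame on its own segment (hub or mirrored port). Flow names and the flow list are constructed for illustration.

```python
from itertools import combinations

INTERNET = "internet"
GATEWAY_SEGMENT = 1  # assumption: the Internet link / proxy sits in Segment 1

# Constructed sample flows; src and dst are segment numbers or INTERNET.
FLOWS = [
    {"name": "seg1-web", "src": 1, "dst": INTERNET},
    {"name": "seg2-web", "src": 2, "dst": INTERNET},
    {"name": "seg3-web", "src": 3, "dst": INTERNET},
    # Workstation in Segment 3 using an intranet server in Segment 2.
    {"name": "seg3-to-seg2-intranet", "src": 3, "dst": 2},
    # Traffic that never leaves Segment 2.
    {"name": "seg2-local", "src": 2, "dst": 2},
]


def segments_crossed(flow):
    """Segments whose wire carries this flow.

    Routed traffic is assumed to appear only on the source and destination
    segments; Internet traffic also appears on the gateway segment.
    """
    crossed = set()
    for end in (flow["src"], flow["dst"]):
        crossed.add(GATEWAY_SEGMENT if end == INTERNET else end)
    return crossed


def blind_spots(sensor_segments, flows=FLOWS):
    """Names of flows that no sniffer in sensor_segments can see."""
    sensors = set(sensor_segments)
    return [f["name"] for f in flows if not (segments_crossed(f) & sensors)]


def minimal_placements(flows, segments=(1, 2, 3)):
    """All smallest sets of segments that leave none of the flows unseen."""
    for size in range(1, len(segments) + 1):
        hits = [c for c in combinations(segments, size)
                if not blind_spots(c, flows)]
        if hits:
            return hits
    return []


if __name__ == "__main__":
    # The three placements discussed in the text.
    for placement in ([2], [1], [2, 3]):
        print("sniffer in", placement, "misses", blind_spots(placement))
    # Internet-only policy versus full coverage of the user segments.
    print("Internet only:", minimal_placements(FLOWS[:3]))
    print("User segments:", minimal_placements(FLOWS[1:]))
```

Whether a blind spot matters depends on the Internet Access Policy, as the text notes; the model only shows which flows each placement cannot see.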
1.2.3 Microsoft ISA Server
You may use Microsoft Internet Security and Acceleration (ISA) Server on your
system but at the same time want to use SurfControl Web Filter's rule creation
ability and category lists. SurfControl Web Filter can be fully integrated with ISA
Server to give you the advantages of both ISA's multi-layer, enterprise firewall
along with SurfControl Web Filter's superior rule creation and categorization
facility.
SurfControl Web Filter must be installed on every machine running ISA Server
regardless of whether the machine is a single standalone machine or a
member of a group of ISA servers.
Note
For existing ISA customers (pre release 4.2.0.21) there is no upgrade path
available for the ISA version of the Web Filter. To link to your old database to
extract reports etc., you should back up your existing database before
installation. This also affects the translation of your existing rules.
Before you start to install SurfControl Web Filter for ISA Server there are
certain environment configuration issues that must be met. Ensure that you
have carried out the following steps before starting to install SurfControl Web
Filter:
1 Find out about the configuration of your ISA Servers.
If your ISA Servers are configured into an array and managed as a single,
logical entity then this will affect how you set up access rules for
SurfControl Web Filter. It is important to be aware of this fact before you
start to install SurfControl Web Filter.
[Figure: Single ISA Server installation]
[Figure: Multiple ISA Server Installations]
2 Check the configuration of the SurfControl Web Filter machine(s).
Each of the ISA servers that you are intending to install SurfControl Web
Filter on must be configured in the following way:
Each machine must be assigned a static IP address.
The security logs of all domain controllers are set to overwrite
events as needed.
1.2.4 Auto detecting your network configuration
If you are installing on a Microsoft ISA Server or Microsoft Proxy Server
environment then SurfControl Web Filter will automatically detect this and
install the relevant version of the product. If Microsoft ISA or Microsoft Proxy
cannot be detected then the SurfControl Web Filter sniffer engine will be
installed.
Note
If you wish to install the sniffer product on an ISA or Proxy Server environment,
you can do this by making the following call from a command line:
setup /p standard
1.3 Database Requirements
1.3.1 SQL Server Database
If you have SQL Server on the machine you plan to install SurfControl Web
Filter on, this will be detected during the installation process. If you are planning
to use a SQL Server database, but have not installed it, complete the following
task before installing SurfControl Web Filter:
Install SQL Server on the appropriate machine. This can be on the same
machine or on a different machine from where you will install SurfControl
Web Filter.
Note
You should install SQL Server with the default setting of case insensitivity,
including case insensitivity for Dictionary Order. Choosing case sensitivity may
cause problems when installing SurfControl Web Filter.
Reasons for using SQL Server
You anticipate storing large volumes of data. This could be due to a high
number of users, high Internet activity or the need to retain data for an
extended period of time.
You require SurfControl Web Filter to write data to a database that is not
resident on the same server.
You require more than one SurfControl Web Filter installation (referred to
as data collectors) to consolidate data to a single database.
SurfControl Web Filter works with both Microsoft SQL Server 7 and SQL Server
2000.
1.3.2 MSDE Database
If you are not using a SQL Server database then Microsoft SQL Server
Desktop Engine (MSDE) will be used. This will create the database for
SurfControl Web Filter to use and also enables a seamless upgrade to a SQL
Server database should you wish to do so in the future. MSDE will be installed
from either the product CD or the Internet via the downloaded setup.exe file.
1.4 Network Cards
When SurfControl Web Filter is used in conjunction with a network switch,
it is often connected to a mirrored port on the switch, so that
traffic from all ports can be monitored. A mirrored port can only receive data,
not send it. In this situation Web Filter will monitor activity (because it can
receive traffic) and you will see Internet traffic in the Monitor but it will be unable
to send any data. In effect it will not be able to send any blocking packets, nor
will it be able to send a message to the user indicating that they have been
blocked.
The result of this is that any rules you have created will not work. In this
scenario, at least two network interface cards (NICs) are needed in the Web
Filter server. One NIC will be used to monitor data only, and will be connected
to the mirrored port, the other can be connected to any port on the switch and
will be used to block and can perform other tasks such as DNS lookup,
connecting to a database, user name resolution etc. You may wish to install
another NIC to perform these tasks separately.
They are set up in the following way:
In the ‘Select Network Card’ dialog during installation choose which card
you want to use to monitor data.
After installation set another card to block and send data out.
1.4.1 Identifying your NICs
Before installation identify the NIC that you will use for monitoring data and
which will be used to block or send data to the network.
Note
Ensure that the NICs are connected to the appropriate corresponding switched
port.
Select a NIC to receive data
Start to install SurfControl Web Filter. If you are installing on a machine with
more than one NIC you will see the following dialog during set up:
Select the check box that corresponds to the card that you intend to use to
monitor data then click Next to proceed through the installation.
Configuring the Monitoring NIC
1 Open Network and Dial-up Connections from the Windows Control Panel.
All your NICs will be displayed:
2 Select the NIC that you set up for monitoring and right-click it. Select
Properties from the drop-down menu.
3 In the dialog that follows you will see a list of components for the
connection:
Locate the SurfControl Network Protocol Device Driver.
Warning
DO NOT clear this check box or the SurfControl driver will be deactivated for
this network card and all monitoring/blocking will stop.
If for some reason this box IS cleared and you do not want the driver
deactivated, then re-check it and click OK to restart.
4 Select this driver and click the Properties button. A Properties dialog will
appear:
5 Ensure that both the Monitor this adapter and Redirect blocking
packets to: check boxes are selected. Select the NIC you wish to use to
send blocking data to from the drop down list.
Configuring the blocking NIC
1 Navigate to the SurfControl Network Protocol Device Driver dialog for the
blocking NIC, using the same method as for configuring the monitoring
NIC, described above.
2 Ensure that both the Monitor this adapter and Redirect blocking
packets to: check boxes are cleared.
Using a third NIC
If you want to set up a third NIC for network communication, the following
binding settings are recommended.
Web Filter Monitoring and Blocking NICs
SurfControl Network Protocol Device Driver - Selected
Internet Protocol (TCP/IP) - Not Selected
Network Communication NIC
SurfControl Network Protocol Device Driver - Not Selected
Internet Protocol (TCP/IP) - Selected
If using a third NIC, the protocol device driver properties for the Monitoring NIC
need to be configured in the following way (as in step 5 above for the blocking
NIC).
Monitor this adapter - selected.
Redirect blocking packets to: - cleared.
Ensure the correct NIC is selected from the drop down list.
2 Installation
This section contains instructions for a successful installation of SurfControl
Web Filter. The flowchart and descriptions explain what you should do at each
stage of the installation process.
2.1 Flow chart
The following flowchart shows the processes involved when installing
SurfControl Web Filter.
[Flowchart: Welcome and Information screen (where applicable); 1 License Agreement; 2 Display Readme? (Yes: Readme file displays and installation continues; No: installation continues); 3 Select SQL Database Installation Option (Complete Install with MSDE 2000, with MSDE download and installation following on-screen instructions; Complete Install using an existing copy of SQL Server; Remote Administration, which needs SQL Server); 4 Enter Customer information and choose destination location; 5 Choose setup type (5A Complete product: select server installation options, select Network Card if applicable; 5B Remote Administration, for which you must install the complete product first: select client installation options, select server type); Install Summary and transfer of files; 6 Select MSDE / SQL Server Database and authentication type (6A Windows Authentication: enter name of database, select account for Web Filter Service, log on as local system account or as other account; 6B SQL Authentication: enter name of database); 7 Systems Administrator notifications; 8 Register for category updates.]
2.2 Installation Description
The numbers in the following description relate to the steps in the flowchart.
Throughout the install process you can:
Click Next to move on to the next part of the installation process.
Click Back to go back to the previous screen.
Click Cancel to abort the installation of Web Filter.
From the Welcome screen, click Next to continue.
1 License
The SurfControl License Agreement. You must agree to the terms and
conditions contained within this agreement before you can install SurfControl
Web Filter. The Next button is greyed out until you select the ‘I accept the terms
of the License agreement’ radio button.
2 Display the Readme file
The Readme file contains information about new features, customer reported
issues fixed and known issues with the product. It is strongly recommended
you read this file before continuing with the installation process.
Click Next and the Readme will display in a web browser.
3 SQL Database Installation Options
Note
This dialog only appears if there is no SQL Server database detected on your
machine. If one is present, you will go straight to step 4, Customer Information.
On this dialog you have three options:
Complete Web Filter product with MSDE2000. This includes the
installation of MSDE on your machine from either the product CD or via
the Internet from the downloaded setup.exe file. During the MSDE
installation process you will need to provide a Systems Administrator
User Name and Password. At the end of the MSDE2000 installation
process you are asked whether or not you want to restart your machine
for the changes to take place. You MUST click Yes on this dialog, as
problems with the rest of the Web Filter installation may occur if you don’t
restart your machine. You will need to begin the Web Filter installation
again after restarting.
Complete Web Filter product using an existing SQL Server. During
this installation you will be asked to connect to a SQL Server database
located on your network. No data will be written to the local machine.
Web Filter Remote Administration. You need to have installed one of
the Complete Product options as described above before installing a
Remote Administration.
4 Customer Information
This dialog allows you to specify a User Name, Company Name and Serial
Numbers for both Web Filter and the Virtual Control Agent™. If you are
evaluating Web Filter you can leave the Serial Numbers blank and you will
install a 30 day trial version. If you then purchase the product you can enter the
Serial Number supplied via the Help > About menu options from any of the
Web Filter components. Click Next and you will be asked to choose a
destination location. The default is:
C:\Program Files\SurfControl\Web Filter
You can Browse to select a different location if you choose. Click Next having
either selected the default or chosen an alternative location.
5 Setup Type
There are two Setup Type options:
Complete Product - this installs all of the SurfControl Web Filter
components, linking to the SQL Database chosen in Step 3.
Remote Administration - if you wish this machine to act as a Remote
Administration Client, highlight this option. This option is highlighted if you
chose Remote Administration in Step 3.
Note
Remember that a Complete product installation must have been performed on
your network before choosing Remote Administration, as it will search for the
SQL Server database setup as part of this procedure. If you choose the
Complete Product Installation option here after choosing the Remote Administration
option in Step 3, a warning dialog will appear. This will remind you that you
need an instance of MSDE or SQL Server database on your network.
5A Complete Product Installation Options
Having chosen the Complete Product Installation, the next screen is the Select
Server Installation Options dialog. The options are:
Automatically Monitor New Users. This enables all new users added to
your network to have their Internet activity monitored.
Enable User Name (EUM) Support. This uses Windows 2000 security
auditing to resolve usernames when a router is between the SurfControl
Web Filter machine and a user's workstation. This enables SurfControl
Web Filter to monitor across networks. See the EUM section for more
details.
Note
This option is not available for ISA or Proxy Server installations.
Install Virtual Control Agent™. The Virtual Control Agent (VCA) evaluates
"unknown" web sites then classifies each Web page into one of the SurfControl
Web Filter categories. If you have not purchased a license, the VCA will
operate as a 30 day trial version. See the VCA chapter in the Post Installation
Configuration section for more details.
By default, these options are checked, so if you do not wish to install any of
these options, un-check the relevant box. You can also configure these three
options following installation.
For EUM see the Programs > SurfControl Web Filter > Enterprise
User Monitoring menu to either install or uninstall.
Note: this option is not available for ISA or Proxy Server installations.
For the VCA to either install or uninstall, click the Change/Remove button
in the Add/Remove Programs options in the Control Panel. Choose the
Modify option from the first dialog box and select the VCA.
To change the Monitor New Users option, see the Configure >
Monitored Users menu option from the Web Filter Monitor.
Click Next to continue.
If your machine has more than one network card installed, the Select Network
Card dialog box will appear. Select the card through which you wish to monitor
Internet traffic by checking the relevant box. For more information on network
cards, see the pre-installation section.
Note
This option is not available for ISA or Proxy Server installations.
Click Next to continue.
The Select MSDE/SQL Server Database dialog will appear. See Step 6.
5B Remote Administration Installation Options
Setting up a machine as a Remote Administration Client gives you the following
functionality:
The ability to see monitored traffic that is recorded in the database using
the SurfControl Web Filter Monitor.
To create and edit rules then commit them to the database so that they
work across your system.
Set up scheduled events for Command Line, Database Management,
Network Groups Updates and Reporting tasks.
Start and stop the SurfControl services.
Use standard reports with any database and Web reports with a SQL
Server database.
A Remote Administration machine does not have the following functionality:
The ability to collect any network traffic data.
Use of the Real-Time Monitor.
Update the Category List updates.
The ability to update the SurfControl Web Filter database.
Having chosen the Remote Administration Installation, the next screen is the
Select Client Installation Options dialog. You can choose whether or not to
install the Virtual Control Agent™ (VCA) from this dialog. As you should only
install the VCA on one collector per monitor database, the default is not to
install.
Click Next to continue.
The next dialog box asks you to specify the server platform type. The option
selected and highlighted will depend on the environment automatically
detected during the initial installation process.
Note
If you manually installed the sniffer product on an ISA Server, you should select
the ISA Server option here to ensure you have the Bandwidth Rule tab included
in your Rules Administrator object options.
Click Next to continue.
You will now see a summary of your installation settings. Click Next to start the
installation.
Once the installation has finished, the Select MSDE/SQL Server Database
dialog will appear.
6 Select MSDE/SQL Server Database
After the installation of the Complete Product or Remote Administration has
finished, this dialog asks you to select the Server and Authentication type.
Server - from the Server drop-down list box, select the server you wish to
connect to.
Authentication - you have a choice of two authentication types:
Windows Authentication
SQL Authentication
6A Windows Authentication
The default choice. This uses the Windows User Name and Password.
Click Next to continue.
The dialog box then asks you to select a database for Web Filter to use, from
the server selected in the previous screen. All SQL Server databases present
on the selected server are visible from the drop-down list box. The default
database is:
surfcontrol_webfilter
If you wish to use a new database, not present on the server, you can enter the
name in the Database field to create it.
Click Next to continue.
Having chosen Windows Authentication, the next dialog asks you to select an
account for the Web Filter Service. This needs to have administrator rights.
There are two Log On As options:
Local System Account. If the database is on the local machine, you can
choose this option.
This Account. If the database is on a different machine, you will need to
use this option. You will need to supply the following information:
Domain\User Name
Password
Password Confirmation
Having entered the Log On As information, click Next to continue. The
Systems Administrator Notifications dialog will appear. See Step 7.
6B SQL Authentication
This requires the use of a pre-existing SQL User Name and Password. The
User Name must have rights to create databases.
Click Next to continue.
The dialog box then asks you to select a database for Web Filter to use, from
the server selected in the previous screen. All SQL databases present on the
selected server are visible from the drop-down list box. The default database is:
surfcontrol_webfilter
If you wish to use a new database, not present on the server, you can enter the
name in the Database field to create it.
Click Next to continue.
The Systems Administrator Notifications dialog appears.
7 Systems Administrator Notifications
SurfControl Web Filter can send message notifications to a specified e-mail
address if any of the following events occur:
Service running status change - if one of the SurfControl services stops
running.
Catch up mode notifications - if Web Filter enters catch up mode due to
the volume of Internet traffic being generated.
Scheduled task failures - if a scheduled task fails to run in the
Scheduler.
Category List License reminders - if a Category List License is close to
expiring.
By default, all these notifications are selected. Clear the appropriate box if you
do not wish to receive a certain message type.
You need to enter your company’s SMTP Server name and a Recipient
Address.
The From Address is the default e-mail address from the Rules Administrator.
You may replace this with an address of your choice.
Note
You can also configure these notification settings following installation by right-clicking the Web Filter icon in the status area and selecting the Configure Web
Filter Service menu option. Click on the Email Notifications tab to bring up the
settings.
Click Next to continue.
The InstallShield Wizard Complete dialog appears.
Before you can use Web Filter, you need to restart your computer. You have
the choice to do this immediately, or later.
Click Finish.
8 Register for Category Updates
On restarting your machine, Web Filter will ask you to register your product in
order to receive Live Updates of the Category Lists. Complete the form, making
sure you complete the required fields (marked with an *). You can also set a
different location for the downloaded temporary files than the default by
browsing to the folder you wish to use.
The default location is: C:\Program Files\SurfControl\Web Filter\
Note
You can register at a later date by adding a Category Database Update event in
the Scheduler.
Click Register. A Scheduler dialog will appear confirming the setup of the
scheduled update. This can be changed via the Scheduler if needed.
Click OK. The install is now complete.
2.3 Upgrading
2.3.1 Access to SQL Server Database Upgrade
If you are upgrading from a previous version of SurfControl Web Filter to 4.5
and your database was Microsoft Access, this will be upgraded to a MSDE2000
or SQL Server database as part of the process.
Note
You cannot upgrade an earlier evaluation copy to version 4.5 of SurfControl
Web Filter.
1 Start the installation as described earlier in Section 2.
2 If you have already got a SQL Server Database on your machine, this will
be detected automatically. You then go straight to Step 4.
3 If you have no SQL Server Database present, you will need to choose the
Complete Install with MSDE2000 option (see Step 3 in the Installation
Description section). Once MSDE2000 has been installed and your
machine re-booted, you need to restart the installation.
4 You will be asked to select your upgrade option on restarting the
installation. The default is to ‘Keep Existing settings’. Click Next.
5 The Database Updater dialog will appear. This will show the current DSN.
You can use this or browse to select another if you want. Click Update
Database.
6 A dialog will inform you when the database has been updated successfully.
7 The upgrade then follows the same path from Step 6 in the Installation
Description section.
2.3.2 Upgrading Archived Databases
If you have a number of archived Access or databases you wish to upgrade to
SQL Server, you will firstly have to upgrade your current database as described
in 3.1 above. Following a successful upgrade you can then run the dbmodify
tool.
This tool is found in the following folder following a default installation:
C:\Program Files\SurfControl\Web Filter\Tools.
1 Double click the dbmodify application and the SurfControl Database
Updater dialog will appear. This will show your current DSN. If you need to
select a different DSN click the Browse button and navigate to its location.
2 Then click Update Database.
3 A dialog will inform you when the database has been updated successfully.
You can now run the ‘Upgrade Access to MSDE SQL Server’ wizard from the
Programs > SurfControl Web Filter > Database Tools menu. This wizard will
guide you through the upgrade process.
2.3.3 Upgrading SQL Archived Databases
To use archived SQL Databases all you need to do is run the dbmodify tool as
described above.
3 Post Installation Configuration
3.1 Database creation
This section explains how to set up a new SurfControl Web Filter Database.
3.1.1 Creating a SQL Server Database
In order to create a SQL Server database to be used by SurfControl you need a
valid SQL account on the SQL Server. You can create the database using the
built-in sa account, using the password that you specified during installation (if
you opted to change it). In this instance you create the database in the
same way as you would a MSDE database (see section 1.2 Creating
a MSDE Database for more details). If, however, you are unable or unwilling to
use the ‘sa’ account for whatever reason, then you must create a new user
account before creating the SQL database:
Creating the Account
1 First stop the SurfControl Web Filter service and make sure that you have
all of the SurfControl components (Monitor, Rules Administrator etc)
closed.
2 Open the SQL Enterprise Manager from the Microsoft SQL Server Start
menu.
3 Click on the ‘+’ sign in front of the SQL server name to expand the tree.
4 Click on the ‘+’ sign in front of Security and choose Logins from the
expanded tree. Right-click on ‘Logins’ and select ‘New Login’.
5 In the dialog that follows:
Select the General tab and enter a name for your new account.
Select the ‘SQL Server authentication’ radio button and enter a
password in the ‘Password’ edit field.
Select the ‘Server Roles’ tab. Check the Database Creators key.
6 Click OK.
Creating the Database
1 Choose Database Tools/Create MSDE SQL Server Database from the
SurfControl Start menu.
2 This will launch the Create SurfControl WebFilter Database Wizard that
will guide you through the steps involved in creating a SQL Server
database for use with SurfControl Web Filter.
Setting up Access to the Database
1 Open the SQL Enterprise Manager from the Microsoft SQL Server Start
menu.
2 Click on the ‘+’ sign in front of the SQL Server name to expand the tree.
3 Click on the ‘+’ sign in front of Security and choose Logins from the
expanded tree.
4 Right-click on your newly created login from the list of available logins and
select Properties.
5 Select the Database Access tab in the dialog that follows then select your
newly created SurfControl database.
6 In the ‘Database Roles’ section ensure that both ‘Public’ and ‘db_owner’
are checked.
7 Click OK.
Accessing your new database
On the machine that you wish to access the database:
1 Select Database Tools/Select Database on the SurfControl Start menu.
You will now see the Select SurfControl Database dialog:
If you wish to set this as the default database to be used by the
SurfControl Monitor, select the Monitor tab.
If you wish to set this as the default database to be used by the
SurfControl Rules Administrator, select the Rules Administrator tab.
2 Click the Browse button.
3 This will launch the SQL Server Login where you can navigate to your new
database. Click Connect to SQL Database to expand the dialog. The
expanded dialog will enable you to enter details of the machine where your
database is located.
4 In the ‘Server’ edit field enter the name of the server where the database is
installed. This name will be saved in the list for ease of access next time.
Up to ten names can be stored in this way.
5 Select your new database from the ‘Database’ list. Click OK.
Creating the SQL Server Account
After you install both SQL Server and SurfControl Web Filter, you must provide
a SQL Server login for SurfControl to use when connecting to the database.
Note
You must use this SQL Server login to create the SQL database. Furthermore if
users are to use the Select Database utility then they must again use this
account rather than the sa account. This is the only account that should be
used with the Rules Administrator.
Creating a SurfControl Web Filter User Account:
1 On the server that is running Microsoft SQL Server, choose Microsoft SQL
Server Enterprise Manager on the Start menu.
2 In the Management console, open the tree properties until you can select
the icon for the server you are working from. Under there should be a list of
folders including two called Databases and Security.
3 Open the Security folder and select the Logins property. You should see in
the right pane a list of the current logins available for SQL Server.
4 Right-click in the space below and select New Login from the dialog box.
From here you can create a new user account for SurfControl to use when
connecting to the database.
5 At the top of the first page add the new name for the login (e.g.:
surfadmin). You will need to choose a form of authentication. Select the
SQL Server authentication and then you can either choose to add a
password or leave it blank. If you add a password you will be requested to
confirm this later on. From the third option on this page, 'Defaults', select
from the database menu the SurfControl Web Filter database. Leave the
language option set to default. The second tab on this dialog, titled 'Server
Roles', should be left with no properties highlighted.
6 In the Database Access tab, select the SurfControl database and then in
the menu below 'Permit in Database Role' select the top two options:
'public' and 'db_owner'. No other properties need to be selected. Click OK
to create the new user account.
Next you will need to modify the SurfControl database. Right-click on the
previously created database in the databases folder and select Properties. Go
to the 'Options' tab and select the 'Restrict Access' check box. Click OK.
You will now be able to open the SurfControl monitor using the new user login.
3.1.2 Creating a MSDE Database
1 Select Database Tools/Create MSDE SQL Server Database from the
SurfControl Start menu.
2 This starts the Database Creation Wizard that will guide you through the
steps involved in creating a MSDE database for use with SurfControl.
3 The first information that you will be asked for is the server where you wish
to create the database and the type of authentication that this machine
requires:
Use Trusted Authentication - selecting this check box will mean
that your Windows user name and password will be used.
SQL authentication - if you don’t select the ‘Use Trusted
Authentication’ check box you will need to enter a valid SQL
account name and password.
4 Enter a name for the new database then check the remaining options as
required:
Use default file locations - this will store the database file and the
transaction log file on the server. If you wish to store these files
elsewhere then you need to uncheck this option and specify a
location for these files in the dialog that follows.
Set as the Web Filter Service default database - the Web Filter
Service will set this database as the default for the Monitor and
Rules Administrator applications.
Restart the Web Filter Service with this database - the Web
Filter Service will automatically start to write to this database once
you have created it.
Populate with sample monitored data - shows a full database of
sample data that can be used to try out reports and Monitor
settings. This is useful when you are getting to know the product
and either do not have or do not wish to use an existing full
database.
5 The Finish dialog will indicate that you have created a new database.
3.2 The Virtual Control Agent
3.2.1 Installation
Note
You should stop the SurfControl Web Filter service and all other applications
before installing or uninstalling the VCA.
If you did not install the Virtual Control Agent when installing Web Filter, or wish
to uninstall it, highlight the SurfControl WebFilter entry in the Add/Remove
Programs menu from the Windows Control Panel and click the Change/Remove
button. Choose the Modify option from the first screen. Click Next and
the VCA should be selected (to install). Clear the check box to uninstall. Click
Next and follow the prompts.
Note: you should only have one VCA installation per Monitor database.
The default option during a Remote Administrator installation is to not
install the VCA.
3.2.2 Post Installation Activation
If you need to enter the VCA Serial Number, you can do so while the VCA
window is open.
1 Select VCA from the SurfControl Web Filter group on the Start menu.
2 Right-click on the VCA icon in the upper-left corner of the VCA window,
then select About SurfControl Web Filter Virtual Control Agent from
the pop-up menu.
3 Click Serialize in the About box.
4 Enter the serial number in the dialog, then click OK.
Note
SurfControl Web Filter VCA running in evaluation mode will not update the
SurfControl Web Filter database. However, it will give feedback on totals of
sites that would be categorized when activated.
3.2.3 Configuring the VCA
Configuration of the VCA is carried out within the Settings tab of the
SurfControl VCA dialog:
Within this dialog you can configure the following:
Spider Settings
Proxy Settings
The Spider Settings
The Settings tab enables you to control how the VCA will handle connections
and pages during classification runs.
Observe Robot Exclusion Policy - some sites contain a text file that
describes exactly what each spider (or robot) can access on the site. If you
choose to ignore this policy then the spider will try to access unauthorized
areas on the site. This may result in your IP address being banned by the site.
Impersonate Internet Explorer - if you select this item the VCA will identify
itself as Internet Explorer when making requests to servers. If you uncheck this
item then the VCA will identify itself as SurfControl Web Filter. Some sites are
inaccessible unless you impersonate Internet Explorer. Alternatively, sites can
also ignore requests that originate from SurfControl Web Filter.
Cache retrieved web pages - adds any pages directly retrieved during the
VCA run to the local web page cache, if available.
Retrieve pages from cache - enables VCA to use locally cached versions of
pages on a site, rather than having to go out and retrieve current versions
directly from the site to be classified.
The Proxy Settings
The Proxy Settings are available on the Settings tab of the VCA.
If the VCA will be accessing the Internet through a Microsoft Proxy Server, you
should select the ‘Use Proxy’ setting check box.
Note
If you want the VCA to use NT Authentication when going through the Proxy
Server, check the Use NT Authentication box setting. If you do not want to use
NT Authentication then supply a User Name and Password.
The General Settings section
The General Settings section contains a check box entitled 'Submit details of
VCA categorized sites to SurfControl'. If you check this box then as VCA
categorizes 'None' sites it will send these sites with their new categorization to
SurfControl.
Research staff examine these sites to check that the categorization applied by
VCA is correct. Once these categorizations are verified the URLs are added to
the Category Database to ensure that it always contains the most
comprehensive and up-to-date information.
3.2.4 Upgrading the VCA
If you did not have VCA installed on a previous version of SurfControl Web
Filter and you now wish to upgrade this version then VCA will not be installed
during the normal upgrade process. VCA will need to be installed manually.
To install the VCA manually, navigate to the SurfControl Web Filter
installation directory where you will find a folder containing the VCA
components.
Double-click the VCA setup.exe file.
Follow the on-screen prompts to install the VCA.
If you did install VCA on a version of SurfControl Web Filter that you now wish
to upgrade then VCA will be upgraded along with the rest of the Web Filter
product. However this will only happen if the version of VCA that you have is
the following:
SurfControl Virtual Control Agent 4.0.2.2
3.3 Enterprise User Monitoring
By default, SurfControl Web Filter resolves user names in a Windows NT or
2000 environment by issuing a NetBIOS query based on the MAC address.
SurfControl Web Filter also provides an Enterprise User Monitoring (EUM)
utility for resolving user names in a routed network. SurfControl recommends
you use EUM for all user name resolution with Web Filter. As an alternative you
may also choose to monitor on Novell User Names. See section 3.4 for more
details on Novell Netware.
SurfControl recommends user name resolution because:
Workstation name resolution only identifies the machine requesting the
data, not the user who originated the request.
Monitoring user names is more convenient in a workplace where
employees share or swap machines frequently.
User name resolution allows you to utilize existing NT Users and Groups for creating rules.
Note
EUM is not available on Proxy or ISA Server installations.
3.3.1 EUM on Windows NT domain controllers
SurfControl Web Filter installs the EUM agent onto Windows NT domain
controllers as a service (ScUserAgent.exe). During installation, SurfControl
Web Filter configures the domain controllers to record Successful Logons to
the security log (event 528). If you make changes to this audit policy and
disable event 528 logs (Successful Logon), EUM will no longer operate
properly. See the EUM section in the Administrator’s Guide for more details.
Before installation onto a NT domain controller, ensure the trust relationships
are set up for multiple domain environments. In this case SurfControl is
Trusted, all other domains are Trusting.
3.3.2 EUM on Windows 2000/2003 domain controllers
The EUM is installed onto Windows 2000/2003 domain controllers as a DLL
(ScSubAuth.dll). When EUM is installed in a Windows 2000 environment, it
uses Microsoft’s Sub-Authentication to resolve user names. See the EUM
section in the Administrator’s Guide for more details on Sub-Authentication.
After installation on Windows 2000, you must reboot the domain controller.
3.3.3 Installation Instructions
Before installing the EUM software, make sure your environment meets the
following requirements:
A static IP address has been assigned to the SurfControl Web Filter
machine(s).
You have administrator rights to all domain controllers where you will
install the EUM agents.
The SurfControl Web Filter machine is located in the correct domain.
In a two-way trusted environment, it can be located in any domain.
If a one-way model is in use, then it should be located in the master
domain so it can see all other domains.
No restriction on the firewall or router for the TCP/IP port used. The
default port is 61695 (61696 on Netware).
Ensure that the security logs of all domain controllers are set to overwrite
events as needed.
3.3.4 User Logoff Recommendations
Schedule the installation procedure for a time when there are few or no users
on the network, or when a forced logoff can be scheduled. This
ensures the fastest, most accurate detection of users.
If this condition cannot be achieved, it may take a few days for SurfControl Web
Filter to detect all users, as they log off and back on to the system in the course
of normal work patterns.
3.3.5 To install Enterprise User Monitoring
1 Select Install Enterprise User Monitoring from the Programs >
SurfControl Web Filter > Enterprise User Monitoring menu.
2 Click Next on the Welcome Screen.
3 Enter the hostname of the Server running the SurfControl Web Filter
software. By default, this is the name of the Server running the EUM
installation. SurfControl recommends that you check the hostname
resolves via DNS.
4 Specify which port the User Agent and SurfControl service should use to
communicate and click Next to continue. SurfControl recommends you
choose the default port 61695 (61696 on Netware).
5 Select or deselect the domains to monitor. The list includes the local
domain and all trusted domains on the network. Click Next to continue.
6 Select the domain controllers where you want to install the EUM agents,
and click Next to continue. You now see a window indicating the progress
of the EUM installation. For each domain controller selected, the
installation process will now perform the following tasks:
7 Enable auditing for Logon and Logoff (for each domain).
8 Create the directory:
C:\SurfControl User Agent.
9 Copy the User agent service, ScUserAgent.exe and scua.ini to the
User Agent directory.
10 Start the User Agent Service. Progress details will be displayed in the
dialog.
11 When the Agents have been installed on all the domain controllers, select
Finish to complete the installation.
12 You now need to reboot your Windows 2000/2003 server.
3.4 EUM for Netware
3.4.1 Installing the Netware Loadable Module
nweum.nlm is the Netware based User Agent. It provides the same
functionality as the NT EUM but on a Netware platform. With this product user
logon events are seen only on the Netware Server and for this reason the NLM
must be loaded on to every Netware Server. To install the NLM:
1 Install Novell Client 32 on to a workstation. The network must be using
Novell 5 or 6 over IP.
2 From this workstation log on to the Novell Server with administrative rights.
3 Go to the SYS volume and create a directory, for example nweum.
4 Under this directory, copy the files nweum.nlm and scua.ini.
5 On the Netware Server console, load the NLM by typing:
Load sys:\nweum\nweum.nlm
6 Press Enter.
Note
The system will not allow you to load the NLM if a copy is already running.
Automatically loading the NLM
To automatically load the NLM every time the Server is rebooted, edit the file
sys:\system\autoexec.ncf
Add the following line at the very end of the file:
load sys:\nweum\nweum.nlm
You can edit this file using any text editor from the workstation or from the
Netware Server by typing:
Load edit sys:\system\autoexec.ncf
Unloading the NLM
To unload the NLM type:
unload nweum.nlm
For information on editing the Novell version of scua.ini see the EUM section in
the Administrator’s Guide.
3.5 Performance Tuning
There are a number of factors to take into account when deploying SurfControl
Web Filter on your network, which relate to the choice of server, number and
locations of servers, and configuration options. The first thing to understand is
the components within a server that affect performance:
CPU: A faster CPU or multiple CPUs will improve processing throughput.
RAM: A larger amount of memory will improve performance through
better buffering.
Disk Subsystem: Probably the most important factor, a faster disk system
(SCSI, SCSI II etc) will improve throughput.
Virus checkers and services: Disable any that are not needed.
3.5.1 System Workload Issues
What size and strength of system your monitoring requires depends on the
amount of traffic (packets per second) that you need to monitor since the
biggest impact on performance is the recording of monitored packets to the
SurfControl database. Understanding the volume of network traffic, the mix of
protocols, and the level of detail you want to monitor will help in sizing the
correct system.
As a hypothetical example, a network might have on average 600 packets a
second passing by the SurfControl Monitor. These could break down into the
following percentages:
HTTP (web access) - 70%
FTP - 15%
Telnet - 10%
SMTP - 5%
3.5.2 Monitoring Options
If you are not interested in monitoring FTP or telnet, you can disable these
protocols in the SurfControl Web Filter Monitor. Doing this reduces the
workload for SurfControl Web Filter.
You can further reduce the workload by deciding not to monitor certain
workstations (this does not stop your ability to control those workstations’
access from the Rules Administrator). This can be done through the Monitor
User interface. For instance if you have a web server inside your firewall you
may not wish to see all the traffic associated with that system.
You can also reduce the amount of monitoring for each connection by recording
only the top-level domain and not individual graphics that typically get
accessed.
3.5.3 Other Performance Options
You can also control other performance factors, such as:
Disable the monitor all HTTP traffic setting (will only monitor top level
domain information).
Disable auto-categorization, or use only SmartScan.
Disable username support (if you have not implemented NT or NDS
usernames across your network you may only require a hostname).
Lengthen the time between checking if a new user has logged in on a
workstation.
If you have workstations on your network that don't have an entry in your DNS
Server, you will suffer a performance penalty. SurfControl Web Filter will
attempt to resolve the workstation name, which ultimately results in a timeout
from the DNS Server that will slow the service. This applies not only to internal
workstations, but also to external workstations that enter your network. You
may see a lot of external workstations registering in the Monitor if you have a
Web Server, FTP Server or E-mail Server on the monitored network.
You can disable the workstation name resolution to speed up performance by
deselecting the Enable Workstation name resolution option.
3.5.4 Performance Factors
There are other factors that come into play, and other options you can deploy in
tuning the system. The size of the monitored database can also impact
performance. Another factor is the demand for reporting as well as recording;
high reporting requirements can impact system performance.
3.5.5 Catch-Up Mode
When SurfControl Web Filter is unable to keep up with the volume of data it is
trying to record to the Monitor database, it will move into "catch-up mode",
where it starts to set monitoring priorities. First, SurfControl Web Filter will stop
recording non-HTTP data, and then it will stop recording HTTP data. A warning
will be written to the event log when catch-up mode is started and when normal
service is resumed. This does not affect the rules and blocking.
Catch-up mode is based on classic high and low water principles to prevent
constant stopping and starting of monitoring. However, if this happens
frequently, there are various solutions:
Use a more powerful PC for monitoring.
Archive the database frequently. This speeds up the committing of
information to the database.
Monitor less information. For example, only capture details for specific
users.
Monitor to flat file, and then update the database during non-peak hours.
Disable DNS resolution for either workstations and/or sites.
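The high and low water behaviour described above can be sketched as a small state machine that sheds non-HTTP recording first and HTTP recording second. This is an added example, not SurfControl's code: the backlog thresholds, the one-stage-per-sample escalation and all names are assumptions, and the backlog samples are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"                # everything is recorded
    SHED_NON_HTTP = "shed-non-http"  # first priority cut: non-HTTP data dropped
    SHED_ALL = "shed-all"            # second cut: HTTP data dropped as well


@dataclass
class CatchUpController:
    # Assumed thresholds (records waiting to be committed); the guide gives none.
    high_water: int = 8000
    low_water: int = 2000
    mode: Mode = Mode.NORMAL
    event_log: list = field(default_factory=list)

    def observe(self, backlog: int) -> Mode:
        """Feed one backlog sample and return the resulting mode."""
        previous = self.mode
        if backlog >= self.high_water:
            # Assumption: escalate one stage per sample at or above the mark.
            self.mode = (Mode.SHED_NON_HTTP if self.mode is Mode.NORMAL
                         else Mode.SHED_ALL)
        elif backlog <= self.low_water:
            self.mode = Mode.NORMAL
        # Between the two marks the mode is held; that gap is the hysteresis.
        if previous is Mode.NORMAL and self.mode is not Mode.NORMAL:
            self.event_log.append("catch-up mode started")
        elif previous is not Mode.NORMAL and self.mode is Mode.NORMAL:
            self.event_log.append("normal service resumed")
        return self.mode

    def should_record(self, protocol: str) -> bool:
        """Gate for writing to the Monitor database only; rules and blocking
        are evaluated elsewhere and are not affected by the mode."""
        if self.mode is Mode.NORMAL:
            return True
        if self.mode is Mode.SHED_NON_HTTP:
            return protocol.upper() == "HTTP"
        return False


def count_switches(states) -> int:
    """Number of times consecutive states differ."""
    return sum(1 for a, b in zip(states, states[1:]) if a != b)


def run_watermarks(backlogs, controller=None):
    """Return (modes, controller) after feeding every sample."""
    if controller is None:
        controller = CatchUpController()
    return [controller.observe(b) for b in backlogs], controller


def run_single_threshold(backlogs, threshold):
    """Naive alternative for comparison: shed whenever backlog >= threshold."""
    return [b >= threshold for b in backlogs]


# Constructed samples: load hovering around the high-water mark, then draining.
SAMPLE_BACKLOG = [1000, 7900, 8100, 7900, 8100, 7900, 8100, 5000, 1500]

if __name__ == "__main__":
    modes, ctl = run_watermarks(SAMPLE_BACKLOG)
    for backlog, mode in zip(SAMPLE_BACKLOG, modes):
        print(f"{backlog:>5}  {mode.value}")
    print("watermark switches:", count_switches(modes))
    print("single-threshold switches:",
          count_switches(run_single_threshold(SAMPLE_BACKLOG, 8000)))
    print("event log:", ctl.event_log)
```

The interval in which should_record returns False is a gap in the monitoring record, which is why the start and resume events are worth alerting on.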
3.5.6 Distributing Services and Multiple Collectors
Your network may have such a large volume of traffic that no one system can
handle it. In these instances you can deploy multiple Servers. These Servers
can be physically deployed on different segments if you have a switched
network, or they can be configured to only monitor certain subnets (using the
SurfControl Web Filter Service). You are then able to balance the load across
Servers.
This will result in separate monitor databases on each Server. This may be a
good solution if you want to delegate control to departments or groups, as they
will be able to monitor and control their own Internet Access Policy.
However, if you wish to use a single database to view and produce reports, you
will need to consolidate the information. This can be done in one of two ways:
Use flat files at each of the SurfControl Servers (in this case known as
collectors). Then use the SurfControl 'Database Updater' process to write
the flat files from each of the 'collectors' to a single database.
Configure both collectors to simultaneously write directly to the single
database.
3.6 Troubleshooting
This section covers some problems that may occur during or after installation of
SurfControl.
3.6.1 Proxy Server running on a non-standard port
SurfControl Web Filter by default only monitors the following protocols and
ports.
HTTPS: 443
HTTP: 80, 8080, 8000
FTP: 21
Telnet: 23
NNTP: 119
Note
On an ISA installation, you will only see HTTP, HTTPS and FTP protocols as
default.
If your clients are configured to access an HTTP Proxy Server that does not
use these default ports, you will need to configure SurfControl Web Filter to
monitor the non-standard ports.
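To find which ports need adding, you can compare observed client connections with the default list above. This is an added example, not part of the SurfControl product or guide: the log layout, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Default monitored ports, copied from the list in section 3.6.1.
DEFAULT_MONITORED = {
    "HTTPS": {443},
    "HTTP": {80, 8080, 8000},
    "FTP": {21},
    "Telnet": {23},
    "NNTP": {119},
}
# On an ISA installation only these protocols are seen by default.
ISA_PROTOCOLS = {"HTTP", "HTTPS", "FTP"}

# Assumed log layout:
#   <date> <time> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^\S+ \S+ TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample records (private and documentation address ranges).
SAMPLE_LOG = """\
2003-10-14 09:00:01 TCP 10.1.1.21:1031 -> 10.1.0.5:3128
2003-10-14 09:00:02 TCP 10.1.1.22:1045 -> 10.1.0.5:3128
2003-10-14 09:00:04 TCP 10.1.1.21:1032 -> 192.0.2.10:80
2003-10-14 09:00:07 TCP 10.1.1.23:1100 -> 192.0.2.44:443
2003-10-14 09:00:09 TCP 10.1.1.24:1200 -> 10.1.0.5:3128
2003-10-14 09:00:11 TCP 10.1.1.25:1201 -> 192.0.2.77:23
2003-10-14 09:00:12 TCP 10.1.1.22:1046 -> 198.51.100.8:8081
this line does not match the layout and is skipped
"""


def monitored_ports(isa=False, extra_ports=()):
    """Ports covered by default, plus any the administrator has added."""
    protocols = ISA_PROTOCOLS if isa else DEFAULT_MONITORED.keys()
    ports = set(extra_ports)
    for name in protocols:
        ports |= DEFAULT_MONITORED[name]
    return ports


def unmonitored_destinations(log_text, isa=False, extra_ports=()):
    """Return [((dst_ip, dst_port), count), ...], busiest first, for
    connections whose destination port is not in the monitored set."""
    covered = monitored_ports(isa, extra_ports)
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # ignore lines that do not fit the assumed layout
        port = int(match.group("dport"))
        if port not in covered:
            hits[(match.group("dst"), port)] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (dst, port), count in unmonitored_destinations(SAMPLE_LOG):
        print(f"{dst}:{port}  {count} connection(s) on an unmonitored port")
```

A destination that many clients reach on the same unlisted port, such as the constructed proxy at 10.1.0.5:3128 here, is the kind of entry to add through the Monitored Protocols dialog.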
3.6.2 To configure non-standard ports
1 Stop the Web Filter service by right-clicking on the SurfControl Web Filter
icon in the Windows taskbar status area and selecting Stop Web Filter
Service on the popup menu.
2 Open the SurfControl Monitor.
3 Select Monitored Protocols from the Configure menu.
4 Highlight the protocol you wish to re-configure from the protocols list to
display the currently configured ports. Click Configure Protocols.
5 Highlight the protocol again and click the button.
6 In the Ports dialog, click the button. Enter the port number in the box.
Click Close, then click OK on the rest of the dialogs.
7 Restart the Web Filter Service. SurfControl Web Filter will now monitor
requests on the new ports.
3.6.3 If no data is being collected
1 Check that the Web Filter service is running. The SurfControl Web Filter
icon in the System Tray should appear in color. If it is grayed out, the
service is not running.
2 To start the service, right-click on the SurfControl icon in the Windows
taskbar status area and select Start Web Filter Service on the popup
menu.
3 If the service will still not start or you experience further problems, please
contact SurfControl Support.
3.7 Troubleshooting EUM Issues
If you are having difficulties making EUM work correctly, please check these
items before contacting SurfControl Support:
After installing the EUM agent, make sure that all domain users log out
and then back into the domain because the agent will not pick up
previously logged-in users.
Check the security logs on the domain controllers to ensure that the user
has indeed logged on.
If an entry is present for the user, ensure that the workstation name can
be resolved from the domain controller running the user agent. If it can't
be resolved, NetBIOS is not installed on the client and no DNS entry is
present. You should add a DNS entry or install NetBIOS on the client.
Ensure that the agent is installed on all domain controllers that
authenticate users.